Port forwarding not working [3389]


  • Port forwarding not working [3389]

    Hi guys,

    Been trying to configure a Cisco router to forward port 3389 to an internal IP (Server) [192.168.0.1]

    Here is the config of the router itself, I hope you guys can help me out.


    Code:
    Using 4671 out of 131072 bytes
    !
    ! Last configuration change at 10:32:10 BST Mon Oct 1 2007 by kcceng
    ! NVRAM config last updated at 10:32:45 BST Mon Oct 1 2007 by kcceng
    !
    version 12.3
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    !
    hostname supp-vockr-londrou1
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 51200 debugging
    logging console critical
    enable secret 5 ####bleh###
    !
    username ####bleh### privilege 15 secret 5 ####bleh###
    clock timezone GMT 0
    clock summer-time BST recurring
    aaa new-model
    !
    !
    aaa authentication banner ^C
    
    aaa authentication fail-message ^C
    
    aaa authentication login default local
    aaa authorization exec default local
    aaa session-id common
    ip subnet-zero
    no ip source-route
    no ip cef
    !
    !
    ip tcp synwait-time 10
    no ip bootp server
    no ip domain lookup
    ip domain name ####bleh###
    ip ssh time-out 60
    ip ssh authentication-retries 2
    no ftp-server write-enable
    !
    !
    !
    !
    !
    crypto isakmp policy 10
     encr 3des
     hash md5
     authentication pre-share
     group 2
    !
    !
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    !
    !
    !
    !
    interface FastEthernet0
     description Uplink into Local LAN
     no ip address
     no cdp enable
    !
    interface FastEthernet1
     no ip address
     shutdown
     no cdp enable
    !
    interface FastEthernet2
     no ip address
     shutdown
     no cdp enable
    !
    interface FastEthernet3
     no ip address
     shutdown
     no cdp enable
    !
    interface FastEthernet4
     description Internet LAN
     ip address 213.2.198.83 255.255.255.248
     ip access-group firewall in
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip virtual-reassembly
     ip route-cache flow
     duplex auto
     speed auto
     no cdp enable
    !
    interface Vlan1
     description Routable Local LAN interface
     ip address 192.168.0.254 255.255.255.0
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip virtual-reassembly
     ip route-cache flow
     ip tcp adjust-mss 1452
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 213.2.198.81
    !
    no ip http server
    no ip http secure-server
    !
    ip access-list extended firewall
     remark NTP Server Access
     permit udp host 130.88.202.49 eq ntp any
     permit tcp any any eq 22
    !
    logging trap debugging
    no cdp run
    !
    control-plane
    !
    alias configure ae alias exec
    alias exec sir show ip route
    alias exec siib show ip int brief
    alias exec sr show run
    alias exec ss show start
    alias exec sv show version
    alias exec tm term mon
    alias exec tnm term no mon
    alias exec ct conf t
    alias exec sia show ip access-lists
    alias exec sint show ip nat trans
    alias exec sins show ip nat stat
    !
    line con 0
     no modem enable
     transport preferred all
     transport output telnet
    line aux 0
     transport preferred all
     transport output telnet
    line vty 0 4
     privilege level 15
     transport preferred all
     transport input telnet ssh
     transport output all
    !
    scheduler max-task-time 5000
    scheduler allocate 4000 1000
    scheduler interval 500
    ntp clock-period 17175001
    ntp server 130.88.202.49
    end
    Kind regards,
    vbjr
    Blog: smoothblog.co.uk

  • #2
    Re: Port forwarding not working [3389]

    Interface FA0/4 needs: ip nat outside

    Interface Vlan1 needs: ip nat inside

    Then: ip nat inside source static tcp 192.168.0.1 3389 XX.XX.XX.XX 3389
    Where XX.XX.XX.XX is your outside ip address.
    CCNA, Network+



    • #3
      Re: Port forwarding not working [3389]

      Thanks Daze, will try it out.

      What is the command to set the outside and inside on the interfaces though?
      Blog: smoothblog.co.uk



      • #4
        Re: Port forwarding not working [3389]

        Just what I posted above. Go into each interface

        R1(config)#int fa0/4
        R1(config-if)#ip nat outside

        R1(config)#int vlan1
        R1(config-if)#ip nat inside
        CCNA, Network+



        • #5
          Re: Port forwarding not working [3389]

          OK, everything set as per your suggestion, but it doesn't work; it doesn't even try to connect to the port.
          Blog: smoothblog.co.uk



          • #6
            Re: Port forwarding not working [3389]

            Forgot about the access-list. Try adding this to the firewall one
            permit tcp any any eq 3389
            CCNA, Network+



            • #7
              Re: Port forwarding not working [3389]

              Thanks amigo, but still nada.

              Here is the current config just in case you wanna review it:

              Current configuration : 4776 bytes
              !
              ! Last configuration change at 12:28:55 GMT Sat Mar 28 2009 by ###
              !
              version 12.3
              no service pad
              service tcp-keepalives-in
              service tcp-keepalives-out
              service timestamps debug datetime msec localtime show-timezone
              service timestamps log datetime msec localtime show-timezone
              service password-encryption
              service sequence-numbers
              !
              hostname supp-vockr-londrou1
              !
              boot-start-marker
              boot-end-marker
              !
              logging buffered 51200 debugging
              logging console critical
              enable secret 5 haha
              !
              username ### privilege 15 secret 5 moo
              clock timezone GMT 0
              clock summer-time BST recurring
              aaa new-model
              !
              !
              aaa authentication login default local
              aaa authorization exec default local
              aaa session-id common
              ip subnet-zero
              no ip source-route
              no ip cef
              !
              !
              ip tcp synwait-time 10
              no ip bootp server
              no ip domain lookup
              ip domain name kerridge.net
              ip ssh time-out 60
              ip ssh authentication-retries 2
              no ftp-server write-enable
              !
              !
              !
              !
              !
              crypto isakmp policy 10
              encr 3des
              hash md5
              authentication pre-share
              group 2
              !
              !
              crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
              !
              !
              interface FastEthernet0
              description Uplink into Local LAN
              no ip address
              no cdp enable
              !
              interface FastEthernet1
              no ip address
              shutdown
              no cdp enable
              !
              interface FastEthernet2
              no ip address
              shutdown
              no cdp enable
              !
              interface FastEthernet3
              no ip address
              shutdown
              no cdp enable
              !
              interface FastEthernet4
              description Internet LAN
              ip address #### 255.255.255.248
              ip access-group firewall in
              no ip redirects
              no ip unreachables
              no ip proxy-arp
              ip nat outside
              ip virtual-reassembly
              ip route-cache flow
              duplex auto
              speed auto
              no cdp enable
              !
              interface Vlan1
              description Routable Local LAN interface
              ip address 192.168.0.254 255.255.255.0
              no ip redirects
              no ip unreachables
              no ip proxy-arp
              ip nat inside
              ip virtual-reassembly
              ip route-cache flow
              ip tcp adjust-mss 1452
              !
              ip classless
              ip route 0.0.0.0 0.0.0.0 213.2.198.81
              !
              no ip http server
              no ip http secure-server
              ip nat inside source static tcp 192.168.0.1 3389 #### 3389 extendable
              !
              ip access-list extended firewall
              remark NTP Server Access
              permit udp host #### eq ntp any
              permit tcp any any eq 22
              permit tcp any any eq 3389 log
              permit tcp any any eq 3389
              !
              logging trap debugging
              no cdp run
              !
              control-plane
              !
              alias configure ae alias exec
              alias exec sir show ip route
              alias exec siib show ip int brief
              alias exec sr show run
              alias exec ss show start
              alias exec sv show version
              alias exec tm term mon
              alias exec tnm term no mon
              alias exec ct conf t
              alias exec sia show ip access-lists
              alias exec sint show ip nat trans
              alias exec sins show ip nat stat
              !
              line con 0
              no modem enable
              transport preferred all
              transport output telnet
              line aux 0
              transport preferred all
              transport output telnet
              line vty 0 4
              privilege level 15
              transport preferred all
              transport input telnet ssh
              transport output all
              !
              scheduler max-task-time 5000
              scheduler allocate 4000 1000
              scheduler interval 500
              ntp clock-period 17175024
              ntp server ####
              end
              Blog: smoothblog.co.uk
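
As an added example (not code from any poster in this thread): a small Python check for the three things the replies ask for before a static forward of TCP 3389 can work (NAT inside/outside roles, the static NAT entry, a permit in the inbound ACL), which also flags a permit whose source is `any`. The function names, the sample text and the 203.0.113.2 address are assumptions made for the example, and it expects sub-commands indented the way `show run` prints them.

```python
import re

# Constructed sample: the forwarding-relevant lines of the config in post #7,
# with 203.0.113.2 (documentation range) standing in for the masked outside IP.
SAMPLE = """\
interface FastEthernet4
 ip access-group firewall in
 ip nat outside
interface Vlan1
 ip nat inside
ip nat inside source static tcp 192.168.0.1 3389 203.0.113.2 3389 extendable
ip access-list extended firewall
 permit tcp any any eq 22
 permit tcp any any eq 3389
"""

def sections(text):
    """Map each top-level line to its indented sub-commands (show-run layout)."""
    out, top = {}, None
    for line in text.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if not line.startswith(" "):
            top = line.strip()
            out[top] = []
        elif top is not None:
            out[top].append(line.strip())
    return out

def audit_forward(text, port):
    """Return findings for a static TCP port forward; an empty list means none."""
    sec, found = sections(text), []
    ifaces = {k: v for k, v in sec.items() if k.startswith("interface ")}
    outside = [k for k, v in ifaces.items() if "ip nat outside" in v]
    if not outside:
        found.append("no interface has 'ip nat outside'")
    if not any("ip nat inside" in v for v in ifaces.values()):
        found.append("no interface has 'ip nat inside'")
    if not any(re.match(rf"ip nat inside source static tcp \S+ {port} \S+ {port}\b", k) for k in sec):
        found.append(f"no static NAT entry for tcp/{port}")
    # The inbound ACL on the outside interface is evaluated before translation.
    for name in outside:
        for acl in re.findall(r"ip access-group (\S+) in", "\n".join(ifaces[name])):
            rules = [r for r in sec.get(f"ip access-list extended {acl}", [])
                     if re.match(rf"permit tcp .* eq {port}\b", r)]
            if not rules:
                found.append(f"ACL '{acl}' does not permit tcp/{port}")
            found += [f"ACL '{acl}' exposes tcp/{port} to any source: {r}"
                      for r in rules if r.startswith("permit tcp any ")]
    return found
```

Run against the sample, the only finding is the `any`-source permit for 3389; replacing `any` with a `host` source for the known remote client clears it.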



              • #8
                Re: Port forwarding not working [3389]

                Hi,

                Provide your network diagram



                Cheers
                DT



                • #9
                  Re: Port forwarding not working [3389]

                  Internet --> Cisco Router --> Server (eth4) + Network switch --> PCs
                  Blog: smoothblog.co.uk



                  • #10
                    Re: Port forwarding not working [3389]

                    You sure that the server has RDP enabled?
                    CCNA, Network+



                    • #11
                      Re: Port forwarding not working [3389]

                      It sure has. I tested it inside the LAN as well as installed Hamachi to test it, and RDP works just fine. I also made sure that it has the right IP address. Not sure what else I can do; Hamachi is my workaround for now though.
                      Blog: smoothblog.co.uk



                      • #12
                        Re: Port forwarding not working [3389]

                        Just remove the ACL from the interface.

                        Second, why haven't you given the IP address to the inside LAN interface, i.e. fa0/0, and what do you want to achieve by creating VLAN 1 in the router?

                        Just provide the same IP which you have given to vlan 1 to int fa0/0, and then do ip nat INSIDE in fa0/0.

                        Also PLEASE PROVIDE ME
                        Source IP
                        Destination IP

                        where you want to communicate via RDC.

                        One more thing: please provide the result of ip nat translation.

                        One more thing: what is the model of your switch? Is this a simple L2 switch acting as a hub, or what?

                        Provide me all this and we will surely try our level best to resolve your issue.


                        Cheers
                        DT

